The Forrester Wave: Customer Identity and Access Management, Q2 2017


by Merritt Maxim

Why Read This Report

In our 20-criteria evaluation of customer IAM (CIAM) providers, we identified the eight most significant ones (Auth0, ForgeRock, Gigya, Janrain, LoginRadius, Microsoft, Ping Identity, and Salesforce) and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk professionals make the right choice for their digital businesses.

Key Takeaways

Gigya And Janrain Lead The Pack
Forrester's research uncovered a market in which Gigya and Janrain lead the pack. Salesforce, ForgeRock, and Ping Identity offer competitive options. Microsoft, LoginRadius, and Auth0 lag behind.

S&R Pros Want Secure, Seamless Digital Experiences For Customers
The CIAM market is growing because more S&R professionals increasingly trust CIAM providers to help solve key customer IAM challenges and support customer-centric digital transformation initiatives. Every vendor in this Forrester Wave is tracking toward this goal.

Analytics, Customer Data Management, And Geographic Coverage Are Key Differentiators
As home-grown, disparate technologies for managing customer identity and access become more expensive to administer and less effective, improved customer analytics, customer data management, and the ability to service customers in multiple geographies will dictate which providers will outpace their competitors. Vendors that can provide robust customer analytics and data management on a global scale will position themselves to win.

by Merritt Maxim with Stephanie Balaouras, Andras Cser, Salvatore Schiano, and Peggy Dostie

Table Of Contents

CIAM Enables Personal Trusted Digital Experiences
Vendors Will Support Fraud Management, More Consent Management, And IoT
CIAM Evaluation Overview
Evaluated Vendors And Inclusion Criteria
Vendor Profiles
Leaders
Strong Performers
Contenders
Supplemental Material

Related Research Documents

Forrester's Customer IAM Security Maturity Assessment Model
Market Overview: Customer Identity And Access Management (CIAM) Solutions
Q&A: 10 Questions To Ask Before Deploying Customer Identity And Access Management

Forrester Research, Inc., 60 Acorn Park Drive, Cambridge, MA USA, forrester.com
2017 Forrester Research, Inc. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. Unauthorized copying or distributing is a violation of copyright law.

CIAM Enables Personal Trusted Digital Experiences

Today's digital businesses need deep customer insights to successfully deliver new products and services that can increase customers' engagement and brand loyalty while maintaining their security and privacy. Customer identity and access management (CIAM), if done well, can help business owners achieve this outcome. According to our data, 71% of global enterprise security technology decision makers rate improving the security of customer-facing apps and services as a high or critical priority; this may explain why enterprise CIAM adoption is getting strong interest across all geographies (see Figure 1).¹ CIAM solutions enable S&R pros and other line of business executives to (see Figure 2):

Streamline new customer acquisition and registration processes. Allowing customers to use bring-your-own-identity (BYOI) from a recognized social identity provider such as Facebook, Google, LinkedIn, or PayPal, and preregister on a site is a large component of many CIAM implementations. Social login minimizes registration fatigue, which can occur when users have to create a new account just to complete a transaction at a new site, and minimizes the risk of a new user abandoning a site altogether. CIAM platforms give organizations the ability to build compelling registration pages and support a wide range of social identity providers, which is increasingly important for global brands with diverse customer bases that require support for other regional-specific providers such as Orkut, VK, and WeChat.

Manage user consent to meet compliance with global privacy requirements. Consumers expect brands to accommodate their preferences so that they can decide how firms use their data. Multinational brands with millions of customers must address various demands. The complexity of the changing multijurisdictional aspects of privacy compliance, together with the looming GDPR compliance deadline, means that digital businesses need mechanisms to verify ongoing compliance with consumer privacy mandates, because even the slightest violation can have a material impact on a brand or company. CIAM platforms can assist with these challenges.

Provide user-centric capabilities for preference management. A CIAM deployment must allow consumers to update their preferences (e.g., opting out of marketing communications). Strong privacy management in a CIAM implementation empowers consumers to determine how firms collect and use their personal data and must be a core component of any implementation.

Provide a consistent, secure omnichannel user experience. Multiple logins cause a fractured value delivery mechanism across channels and devices, which can cause customers to seek competitors' services. Eliminating multiple logins is, therefore, the first step for providing low-friction services to customers. As organizations build in capabilities that remove friction, customers buy more, have more trust, and stay engaged longer. CIAM platforms provide the ability to build consistent and compelling customer interactions, regardless of the access methods, to ensure that customers remain engaged and loyal.

Deliver identity reporting and analytics. CIAM platforms collect a wide range of data about customers' digital interactions. The platform can feed this data into other business intelligence or CRM systems, and eBusiness or customer experience professionals can leverage the data internally within the platform.

Integrate with other customer-centric systems of insight. CIAM initiatives increasingly sit at the nexus of multiple digital initiatives. While CIAM solutions provide a range of useful data on their own, these solutions complement other technologies such as content management, personalization engines, CRM, and marketing automation solutions. In response, CIAM platforms are emphasizing integration via documented RESTful APIs to these systems to help digital businesses obtain a comprehensive view of every individual customer.

FIGURE 1 CIAM Has Been Adopted Worldwide
Global enterprise adoption by region, 2016: customer identity and access management
Asia Pacific: 67%
North America: 64%
Europe: 54%
Base: global enterprise network security decision-makers (base sizes vary by region)
Source: Forrester Data Global Business Technographics Security Survey,

FIGURE 2 CIAM Platforms Are In Demand
CIAM platforms connect data, insights, and security (diagram labels: Engage, Learn, Customer data management, Analytics, Authenticated identities)
Enterprise plans to adopt CIAM (chart values: 17%, 61%, 20%; legend: Implemented/implementing/expanding; Planning to implement within the next 12 months; Not interested/interested but no immediate plans)
Base: 579 enterprise security decision-makers
The majority of firms prioritize improving customer security: 71% rate improving the security of customer-facing services and applications as high or critical priority.
Base: 1,165 enterprise security technology decision-makers
Source: Forrester Data Global Business Technographics Security Survey,

Vendors Will Support Fraud Management, More Consent Management, And IoT

Traditional web access management solutions (WAM) have been in existence since the early 2000s and still enjoy a broad installed base, including for many B2C scenarios. However, the adoption of these solutions was the result of use cases related to authentication, single sign-on, and authorization, and vendors designed them as on-premises installations. The dramatic growth of mobile users and increased emphasis on initiatives that support customer retention led to the creation of many cloud-centric solutions that exchanged WAM policy management for capabilities more aligned with marketing and service requirements. As the CIAM market continues to grow and evolve, CIAM vendors are adding features such as:

The ability to detect, monitor, and block fraudulent accounts. Many large B2C sites still experience fraudulent account sign-ups, which can increase their risks. And while many CIAM platforms can already detect brute-force logins and suspend/close potential fraudulent accounts, the continued sophistication of hackers means that CIAM vendors will begin adding more support to reduce fraud at the time of account sign-up. Vendors could offer this capability natively or via integration with other fraud-management vendors, and they could also extend it to monitor and detect potential fraudulent transactions.

Improved analytics to support user registration/activation processes. Converting an anonymous user into a known customer will always be important. In response, businesses will continually seek methods that can improve the customer journey experience transparently. This can include progressive profiling to gather data that social identity providers don't provide as well as linking other physical and digital touchpoints, such as in-store purchases and sign-ups. The deep understanding of individual customers garnered here can be leveraged by other business functions to build compelling and sustainable relationships that deliver significant business value.

Improved user consent tools to help customers. Because of the need to manage user data in accordance with various compliance requirements, CIAM platforms will begin enhancing support for simple out-of-the-box workflows to help users enable fine-grained access control around how organizations use and share their data. The emerging user-managed access (UMA) standard will likely play an important role in empowering consumers to manage their consent individually.²

Support for emerging IoT use cases. Many IoT deployments still rely on a very device-centric view of identity. This model is not sustainable, especially concerning connected cars and connected homes, where there may be multiple users of a single device. Such use cases will drive the need to extend digital identity to the network edge to support constrained devices. CIAM platforms' analytical and administrative capabilities will complement these IoT identity use cases in the years ahead.

Geofenced CIAM data centers. Today's global digital businesses must manage a highly diverse customer base within a broad range of privacy and compliance requirements. This is leading to improved user consent management tools, but it will also be accompanied by the emergence of specific deployment models for individual geographies such as China or the EU. These deployment models will be more than just a data center resident in the region but will include other specific controls for a specific geography and will appeal to organizations that have to manage a broad range of global privacy requirements.

CIAM Evaluation Overview

To assess the state of the CIAM market and see how the vendors stack up against each other, Forrester evaluated the strengths and weaknesses of top CIAM vendors. After examining past research, user need assessments, and vendor and expert interviews, we developed a comprehensive set of evaluation criteria. We evaluated vendors against 20 criteria, which we grouped into three high-level buckets:

Current offering. The vendor's position on the vertical axis of the Forrester Wave graphic indicates the strength of its current CIAM offering. We evaluated criteria such as customer satisfaction with the current CIAM offering, social registration and login, platform security and user authentication, privacy controls, customer data management, analytics, integration and APIs, reporting, scalability and availability, administration and security certifications, and standards support.

Strategy. A vendor's position on the horizontal axis indicates the strength of its strategy. Factors we considered include product vision and strategy, product execution, partner ecosystem, pricing terms and flexibility, and customer satisfaction with product strategy and direction.

Market presence. The size of each vendor's bubble on the chart indicates the vendor's market presence. We evaluated each vendor's installed base, product line revenues, staffing, and vertical and geographic market penetration.

Evaluated Vendors And Inclusion Criteria

Forrester included eight vendors in the assessment: Auth0, ForgeRock, Gigya, Janrain, LoginRadius, Microsoft, Ping Identity, and Salesforce. Each of these vendors has (see Figure 3):

A CIAM platform that can be deployed in the cloud (private or public). The platform had to be generally available (GA) prior to December 31,

Total annual CIAM product revenues of at least $10 million.

At least 100 paying customer organizations in production. The vendor's CIAM offering had to have at least 100 paying customer organizations in production at the GA cutoff date.

Thought leadership in CIAM evidenced by products and services. We included vendors that demonstrated CIAM thought leadership and CIAM solution strategy execution through regular updates and improvements to their productized CIAM product portfolio.

A mindshare with Forrester's clients during inquiries. During Forrester inquiries and other interactions, clients mentioned the vendor's name in an unaided context, such as, "We looked at the following vendors for CIAM."

An unaided mindshare with other CIAM competitive vendors. When Forrester asks other vendors about their competition on briefings, inquiries, and other interactions, other vendors mention the vendor as a real competitor in the CIAM market space.

FIGURE 3 Evaluated Vendors: Product Information And Selection Criteria

Vendor: Product evaluated
Auth0: Auth0 Customer Identity Management Solution v1.0
ForgeRock: ForgeRock Identity Platform v5.0
Gigya: Gigya Customer Identity Management Platform v6.5
Janrain: Janrain Identity Cloud
LoginRadius: LoginRadius CIAM Platform
Microsoft: Azure Active Directory B2C
Ping Identity: PingFederate 8.3, PingAccess 4.2, PingDataGovernance 6.0, PingDirectory 6.0
Salesforce: Salesforce Identity

Vendor inclusion criteria

A CIAM platform that can be deployed in the cloud (private or public). The platform had to be generally available (GA) prior to December 31,

Total annual CIAM product revenues of at least $10 million.

At least 100 paying customer organizations in production. The vendor's CIAM offering had to have at least 100 paying customer organizations in production at the GA cutoff date.

Thought leadership in CIAM evidenced by products and services. We included vendors that demonstrated CIAM thought leadership and CIAM solution strategy execution through regular updates and improvements to their productized CIAM product portfolio.

A mindshare with Forrester's clients during inquiries. During Forrester inquiries and other interactions, clients mention the vendor's name in an unaided context, such as, "We looked at the following vendors for CIAM."

An unaided mindshare with other CIAM competitive vendors. When Forrester asks other vendors about their competition on briefings, inquiries, and other interactions, other vendors mention the vendor as a real competitor in the CIAM market space.

Vendor Profiles

This evaluation of the CIAM market is intended to be a starting point only. We encourage clients to view detailed product evaluations and adapt criteria weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison tool (see Figure 4).

FIGURE 4 Forrester Wave: Customer Identity And Access Management, Q2 '17
[Wave graphic: Auth0, LoginRadius, Salesforce, Microsoft, Gigya, Janrain, ForgeRock, and Ping Identity plotted by current offering (vertical axis, weak to strong) and strategy (horizontal axis, weak to strong), with bubble size showing market presence. Categories: Challengers, Contenders, Strong Performers, Leaders.]
Go to Forrester.com to download the Forrester Wave tool for more detailed product evaluations, feature comparisons, and customizable rankings.

FIGURE 4 Forrester Wave: Customer Identity And Access Management, Q2 '17 (Cont.)
[Scorecard for Auth0, ForgeRock, Gigya, Janrain, LoginRadius, Microsoft, Ping Identity, and Salesforce; the individual scores are not recoverable from this transcription.]
Current Offering (Forrester's weighting: 50%)
Customer satisfaction with current CIAM product: 10%
Social registration and login: 12%
Platform security and user authentication: 12%
Privacy controls: 8%
Customer data management: 12%
Analytics: 6%
Integration and APIs: 8%
Reporting: 6%
Scalability and availability: 8%
Administration: 12%
Security certifications and standards support: 6%
All scores are based on a scale of 0 (weak) to 5 (strong).

FIGURE 4 Forrester Wave: Customer Identity And Access Management, Q2 '17 (Cont.)
[Scorecard for Auth0, ForgeRock, Gigya, Janrain, LoginRadius, Microsoft, Ping Identity, and Salesforce; the individual scores are not recoverable from this transcription.]
Strategy (Forrester's weighting: 50%)
CIAM vision: 35%
CIAM execution: 25%
Partner ecosystem: 20%
Pricing terms and flexibility: 10%
Customer satisfaction with product strategy and direction: 10%
Market Presence (Forrester's weighting: 0%)
Sales, services and technical support staffing: 15%
CIAM installed base: 35%
CIAM revenues: 20%
Verticals and geographies: 30%
All scores are based on a scale of 0 (weak) to 5 (strong).

Leaders

Gigya. Gigya has been delivering CIAM solutions since 2010 and has the largest market presence based on the revenues, direct customer install base, partner ecosystem, and global presence of vendors in this Forrester Wave. Gigya is only available as a multitenant public cloud SaaS offering. The solution's analytics and administration are slightly more intuitive and modern than other solutions. The solution is lacking the TRUSTe security certification. Customers praised the vendor's CIAM execution, reporting, and broad partner ecosystem. Forrester expects the vendor will add support for: 1) cross-network registration analytics to improve conversions; 2) passwordless authentication across all sites; and 3) client-facing notice and consent portal for GDPR-compliant consent document management.

Janrain. Janrain was one of the first entrants in this market, having first launched a CIAM solution in Janrain is only available as a multitenant public cloud SaaS offering in AWS with broad global coverage. The vendor's CIAM vision is more differentiated than other solutions in the Forrester Wave and supports a broad range of security certifications including SOC2 and Privacy Shield. Janrain's pricing terms and flexibility were less mature than those of other vendors. Customers praised the vendor's administration and social registration and login capabilities. Forrester expects the vendor to add support for: 1) security analytics to reduce data breach risks; 2) expanded policy management controls and policy creation capabilities; and 3) enhanced integrations, scale, and context-based consent management for internet-of-things use cases.

Strong Performers

Salesforce. Salesforce offers its CIAM solution as part of its well-known CRM platform and deploys it as a multitenant SaaS offering. It's not as mature in user authentication and has the smallest CIAM installed base compared with other vendors evaluated in this study. Reference customers highlighted the solution's reporting capabilities and scalability. The vendor plans to add support for: 1) progressive profiling to gather extra data that social providers do not have and/or provide as are required by business processes; 2) advanced consent-gathering tools to help customers more easily model and gather opt-in and opt-out data; and 3) risk-based authentication to challenge users when they create sessions from new browsers.

ForgeRock. The ForgeRock CIAM solution is designed to be deployed on-premises or in the cloud but does not natively offer a multitenant SaaS offering. The solution is not as mature in reporting and security certifications compared with other vendors evaluated in this study. ForgeRock has been at the forefront of promoting the UMA standard, which provides a mechanism for consumer consent and data sharing. Reference customers liked the solution's flexibility as well as the vendor's strategic direction, especially for emerging IoT consumer use cases. The vendor plans to add support for: 1) contextual identity to increase or reduce friction at any point in a digital session; 2) privacy/consent features to provide users with fine-grained user privacy controls for sharing data based on UMA 2.0; and 3) extending CIAM into constrained IoT devices on the network edge.

Ping Identity. Established enterprise IAM vendor Ping Identity acquired UnboundID in August The Ping CIAM offering consists of the rebranded UnboundID PingDataGovernance and PingDirectory, and existing Ping IAM solutions PingFederate and PingAccess, and is usually deployed as hosted cloud or on-premises software. The solution is somewhat more complex to administer and has a somewhat less intuitive user interface than other vendors evaluated in this Forrester Wave. The solution also lacks documented integrations with marketing automation and content management solutions. Reference customers universally singled out Ping's support and service responsiveness. The vendor plans to add support for: 1) mobile SDK to embed MFA functionality in customer mobile apps; 2) additional cloud offerings for customer authentication and profile data store; and 3) additional privacy and customer consent management features for regulatory compliance.

Contenders

Microsoft. Microsoft entered the CIAM market in the spring of 2016 with its Azure Active Directory B2C offering, which the vendor deploys as a multitenant PaaS and SaaS offering, although availability is currently limited to North American data centers. The solution is not as mature in some authentication and reporting functionality compared with other vendors evaluated in this study. The solution also lacks documented integrations with marketing automation and content management solutions. Reference customers praised the scalability and performance of the Azure platform. The vendor plans to add support for: 1) deeper integration with adjacent Microsoft services; 2) availability in public, sovereign, and government data clouds; and 3) lightweight consumer account registration processes via phone number.

LoginRadius. LoginRadius is a venture-backed company that has been in the CIAM market since The solution is hosted in Microsoft Azure as a multitenant SaaS offering. The solution is not as mature in customer data management compared with other vendors evaluated in this Forrester Wave. LoginRadius has a much smaller and less mature partner ecosystem and vertical market presence than other vendors. Customers expressed satisfaction with pricing flexibility, especially for smaller initial deployments. The vendor plans to add support for: 1) more international social identity providers; 2) third-party integrations with other marketing automation and content management systems; and 3) TouchID support on mobile devices.

Auth0. Auth0 has been a venture-backed CIAM vendor since 2013 and is available as an on-premises appliance, hosted private cloud, or multitenant service in Amazon Web Services (AWS). The solution is not as mature in analytics and third-party integration compared with other vendors evaluated in this study. Auth0 lacks a formal partner ecosystem and has limited market presence outside of North America. Customers praised the solution's ease of administration. The vendor plans to add support for: 1) a developer portal for creating third-party apps; 2) expanded third-party integrations; and 3) extensibility enhancements for attaching custom code.

Supplemental Material

Online Resource

The online version of Figure 4 is an Excel-based vendor comparison tool that provides detailed product evaluations and customizable rankings.

Survey Methodology

Forrester Data Global Business Technographics Security Survey, 2016 was fielded in March to May This online survey included 3,588 respondents in Australia, Brazil, Canada, China, France, Germany, India, New Zealand, the UK, and the US from companies with two or more employees. Forrester's Business Technographics ensures that the final survey population contains only those with significant involvement in the planning, funding, and purchasing of business and technology products and services. Research Now fielded this survey on behalf of Forrester. Survey respondent incentives include points redeemable for gift certificates.

Data Sources Used In This Forrester Wave

Forrester used a combination of data sources to assess the strengths and weaknesses of each solution. We evaluated the vendors participating in this Forrester Wave, in part, using materials that they provided to us by March

Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to the evaluation criteria. Once we analyzed the completed vendor surveys, we conducted vendor calls where necessary to gather details of vendor qualifications.

Product demos. We asked vendors to conduct demonstrations of their products' functionality. We used findings from these product demos to validate details of each vendor's product capabilities.

Customer reference calls. To validate product and vendor qualifications, Forrester also conducted reference calls with three of each vendor's current customers.

The Forrester Wave Methodology

We conduct primary research to develop a list of vendors that meet our criteria for evaluation in this market. From that initial pool of vendors, we narrow our final list. We choose these vendors based on: 1) product fit; 2) customer success; and 3) Forrester client demand. We eliminate vendors that have limited customer references and products that don't fit the scope of our evaluation.

After examining past research, user need assessments, and vendor and expert interviews, we develop the initial evaluation criteria. To evaluate the vendors and their products against our set of criteria, we gather details of product qualifications through a combination of lab evaluations, questionnaires, demos, and/or discussions with client references. We send evaluations to the vendors for their review, and we adjust the evaluations to provide the most accurate view of vendor offerings and strategies.

We set default weightings to reflect our analysis of the needs of large user companies and/or other scenarios as outlined in the Forrester Wave evaluation and then score the vendors based on a clearly defined scale. We intend these default weightings to serve only as a starting point and encourage readers to adapt the weightings to fit their individual needs through the Excel-based tool. The final scores generate the graphical depiction of the market based on current offering, strategy, and market presence. Forrester intends to update vendor evaluations regularly as product capabilities and vendor strategies evolve. For more information on the methodology that every Forrester Wave follows, go to

Integrity Policy

We conduct all our research, including Forrester Wave evaluations, in accordance with our Integrity Policy. For more information, go to

Endnotes

1 Source: Forrester Data Global Business Technographics Security Survey,

See the Forrester report TechRadar: Zero Trust Identity Standards, Q
